Issues with multiple wifi clients

[sfx2000]

Before you typed this one I was about to ask if I could just telnet in and

iptables -save
(enter your two commands)
Test
iptables -restore

Is that anywhere near being on the right page?

The default tables are complex enough, and it's been a long time since I've looked at them in detail on AsusWRT - would feel better to ask someone else on where to put those two entries - in the wrong place, they might not even get invoked...

 

[jph1589]

Hehe... but perhaps someone that is running RMerlin's build and has an iDevice (or ubuntu, even inside a VM) can give this a try...

If it works, then no code changes needed, and it would solve a long standing issue...

I am running his latest build and I have too many idevices.

 

[sfx2000]

The default tables are complex enough, and it's been a long time since I've looked at them in detail on AsusWRT - would feel better to ask someone else on where to put those two entries - in the wrong place, they might not even get invoked...

Reached out to someone who knows AsusWRT in depth... again, step lightly, and if this is not something one is comfortable with...

If the rules go in the INPUT/OUTPUT chains, then the best place is in the firewall-start script. That script will be run every time the firmware needs to reconfigure the firewall rules.

nat-start is run whenever the FORWARD/nat/mangle rules are modified by the firmware.​

 

[jph1589]

Reached out to someone who knows AsusWRT in depth... again, step lightly, and if this is not something one is comfortable with...

If the rules go in the INPUT/OUTPUT chains, then the best place is in the firewall-start script. That script will be run every time the firmware needs to reconfigure the firewall rules.

nat-start is run whenever the FORWARD/nat/mangle rules are modified by the firmware.​

That isn't something I have a clue how to do. That being said I can tackle it if someone walks me through what is needed.

 

[sfx2000]

That isn't something I have a clue how to do. That being said I can tackle it if someone walks me through what is needed.

Unfortunately - I can't help you much here with regards to specifics - e.g. a walk-thru step by step thing...

I know the networking side, but it's been a really long time since I've dug into the depths of AsusWRT and how they do things.

I suppose I could have just ignored the post, but I'm trying to offer one possible solution here with these ruleset changes...

 

[jph1589]

Unfortunately - I can't help you much here with regards to specifics - e.g. a walk-thru step by step thing...

I know the networking side, but it's been a really long time since I've dug into the depths of AsusWRT and how they do things.

I suppose I could have just ignored the post, but I'm trying to offer one possible solution here with these ruleset changes...

I appreciate your help. I will do some research and see if I can get through it.

 

[RMerlin]

Connect over SSH, and copy/paste the following:

cat << EOF > /jffs/scripts/firewall-start
#!/bin/sh
iptables -I INPUT -p tcp --tcp-option 30 -m state --state NEW -j DROP
iptables -I OUTPUT -p tcp --tcp-option 30 -m state --state NEW -j DROP 
EOF
chmod a+rx /jffs/scripts/firewall-start
nvram set jffs2_scripts=1
nvram commit
service restart_firewall

This will create the script that sets up the rules, and restart the firewall.

Do not run this if you already created a firewall-start script, as it will overwrite it!

Use -I instead of -A for the rules, to ensure that they get processed before any ACCEPT rule.

 

[jph1589]

Connect over SSH, and copy/paste the following:

cat << EOF > /jffs/scripts/firewall-start
#!/bin/sh
iptables -I INPUT -p tcp --tcp-option 30 -m state --state NEW -j DROP
iptables -I OUTPUT -p tcp --tcp-option 30 -m state --state NEW -j DROP
EOF
chmod a+rx /jffs/scripts/firewall-start
nvram set jffs2_scripts=1
nvram commit
service restart_firewall

This will create the script that sets up the rules, and restart the firewall.

Do not run this if you already created a firewall-start script, as it will overwrite it!

Use -I instead of -A for the rules, to ensure that they get processed before any ACCEPT rule.

Let's say I want to test this before I make it permanent script. Can I just telnet in and enter those two iptables commands?

 

[RMerlin]

Let's say I want to test this before I make it permanent script. Can I just telnet in and enter those two iptables commands?

Yes.

 

[jph1589]

Well........ I turned off my QOS bandwidth limiter so that I could make sure that I could recreate this issue. I started up a backup on my iphone and my ipad and waited for the network to crash. I had to make sure I could recreate it before I can test the fix. Sure enough it didn't fail. Both of the backups ran for about 10 minutes and the network didnt even slow down. So until I figure out what demons are afoot, I have to wait to test this.

I feel pretty confident that Apple didnt fix this and nothing else has changed here since I implimented Merlin and the bandwidth fix. So maybe I am just tired and some sleep will help.

 

[sfx2000]

Well........ I turned off my QOS bandwidth limiter so that I could make sure that I could recreate this issue. I started up a backup on my iphone and my ipad and waited for the network to crash. I had to make sure I could recreate it before I can test the fix. Sure enough it didn't fail. Both of the backups ran for about 10 minutes and the network didnt even slow down. So until I figure out what demons are afoot, I have to wait to test this.

I feel pretty confident that Apple didnt fix this and nothing else has changed here since I implimented Merlin and the bandwidth fix. So maybe I am just tired and some sleep will help.

Sounds good - check and make sure that Siri still works - which I expect it will...

Thx to Rmerlin (that's the person I reached out to for AsusWRT specifics) - with more testing, this might help out a lot of AsusWRT users that have iDevices...

@RMerlin - thanks again for the assist, and this might be something, depending on testing in a larger cohort of users, but this is not a code change, it's a config change, and might be something to add to the FAQ...

fun problem with a neat solution - win/win for all..

sfx

 

[jph1589]

Well........ I turned off my QOS bandwidth limiter so that I could make sure that I could recreate this issue. I started up a backup on my iphone and my ipad and waited for the network to crash. I had to make sure I could recreate it before I can test the fix. Sure enough it didn't fail. Both of the backups ran for about 10 minutes and the network didnt even slow down. So until I figure out what demons are afoot, I have to wait to test this.

I feel pretty confident that Apple didnt fix this and nothing else has changed here since I implimented Merlin and the bandwidth fix. So maybe I am just tired and some sleep will help.

Sleep didn't make a difference. I have tried to recreate this issue with my iphone(latest IOS 10) and ipad(IOS 9 something) multiple times with no success. I even disconnected my USB drive from the router and rebooted with no change.

About 2 months ago before I put in the merlin firmware and set the bandwidth limiter I could make the network fail just by starting a backup to icloud from any ios device. Since last night I have tried at least 20 times with no failures.

Until I can figure out why and get it to fail, I cant test this idea. Appreciate everyone's input and help.